[security bulletin] HPSBMU03296 rev.1 – HP BladeSystem c-Class Onboard Administrator running OpenSSL, Remote Denial of Service (DoS)
Monthly Archives: April 2015
HP Security Bulletin HPSBMU03296 1
HP Security Bulletin HPSBMU03296 1 – Potential security vulnerabilities have been identified with HP BladeSystem c-Class Onboard Administrator. These vulnerabilities include the SSLv3 vulnerability known as “Padding Oracle on Downgraded Legacy Encryption” or “POODLE”, which could be exploited remotely to allow a Denial of Service (DoS). Revision 1 of this advisory.
Debian Security Advisory 3213-1
Debian Linux Security Advisory 3213-1 – Multiple vulnerabilities have been discovered in arj, an open source version of the arj archiver.
Debian Security Advisory 3214-1
Debian Linux Security Advisory 3214-1 – A path traversal vulnerability was discovered in Mailman, the mailing list manager. Installations using a transport script (such as postfix-to-mailman.py) to interface with their MTA instead of static aliases were vulnerable to a path traversal attack. To successfully exploit this, an attacker needs write access on the local file system.
Debian Security Advisory 3215-1
Debian Linux Security Advisory 3215-1 – Multiple vulnerabilities were discovered in libgd2, a graphics library.
RHSA-2015:0778-1: Critical: chromium-browser security update
Red Hat Enterprise Linux: Updated chromium-browser packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
CVE-2015-1233, CVE-2015-1234
RHBA-2015:0779-1: Red Hat OpenShift Enterprise 2.2.5 bug fix and enhancement update
Red Hat Enterprise Linux: Red Hat OpenShift Enterprise release 2.2.5 is now available with updates to packages that fix several bugs and introduce feature enhancements.
Post-Cryptanalysis, TrueCrypt Alternatives Step Forward
CipherShed and VeraCrypt developers stand ready to step in for TrueCrypt now that the cryptanalysis phase of the audit is complete and no backdoors were discovered.
IPv6 Toolkit 2.0
SI6 Networks’ IPv6 toolkit is a security assessment and troubleshooting tool for the IPv6 protocols. It can send arbitrary IPv6-based packets.
Solarwinds Firewall Security Manager 6.6.5 Client Session Handling
This Metasploit module exploits multiple vulnerabilities found in Solarwinds Firewall Security Manager 6.6.5. The first vulnerability is an authentication bypass via the Change Advisor interface: a user-controlled session.putValue API in userlogin.jsp allows the attacker to set the ‘username’ attribute before authentication. The second problem is that settings-new.jsp checks only the ‘username’ attribute before authorizing the ‘uploadFile’ action, which allows the attacker to upload a fake xls host list file to the server and results in arbitrary code execution under the context of SYSTEM. Depending on the installation, the Change Advisor web server listens by default on port 48080 for an express install; otherwise, the service may appear on port 8080. Solarwinds has released a fix for this vulnerability as FSM-v6.6.5-HotFix1.zip. You may download it from the module’s References section.